you dont seem to be giving any permissions to your methods. in the method-permission element you are just listing all the methods but are not defining the roles with permissions to the methods. you are also not defining any roles. i would recommend removing the entire method-permission element from your ejb-jar.xml. this will allow anyone to access your methods. if you do really want permission based access, i could help you with the xml. also regarding the container-transaction element, it seems like you are listing all your methods and giving them a transaction attribute of Never. is this really what you want?? i would recommend removing every container-transaction element from your ejb-jar.xml. This will let it default to Requires. this is a more likely the transaction attribute you want. your ejb-jar.xml file will become nice and small, like this <?xml version="1.0"?> <!DOCTYPE ejb-jar PUBLIC '-//Sun Microsystems, Inc.//DTD Enterprise JavaBeans 2.0//EN' 'http://java.sun.com/dtd/ejb-jar_2_0.dtd'> <ejb-jar> <display-name>secondejbJAR</display-name> <enterprise-beans> <entity> <display-name>EntityEJB2</display-name> <ejb-name>EntityEJB2</ejb-name> <home>EntityEJB2Home</home> <remote>EntityEJB2</remote> <ejb-class>EntityEJB2Bean</ejb-class> <persistence-type>Bean</persistence-type> <prim-key-class>java.lang.String</prim-key-class> <reentrant>False</reentrant> </entity> </enterprise-beans> </ejb-jar> ========================= The orion-application.xml is: <?xml version="1.0"?> <!DOCTYPE orion-application PUBLIC "-//Evermind//DTD J2EE Application runtime 1.2//EN" "http://www.orionserver.com/dtds/orion-application.dtd"> <orion-application deployment-version="1.5.2" autocreate-tables="false"> <ejb-module remote="false" path="ejb-jar-ic.jar" /> <web-module id="war-ic" path="war-ic.war" /> <persistence path="persistence" /> <principals path="principals.xml" /> <log> <file path="application.log" /> </log> <namespace-access> <read-access> <namespace-resource root=""> <security-role-mapping name="<jndi-user-role>"> <group name="guests" /> </security-role-mapping> </namespace-resource> </read-access> <write-access> <namespace-resource root=""> <security-role-mapping name="<jndi-user-role>"> <group name="guests" /> </security-role-mapping> </namespace-resource> </write-access> </namespace-access> </orion-application> ================================ And principals.xml: <?xml version="1.0"?> <!DOCTYPE principals PUBLIC "//Evermind - Orion Principals//" "http://www.orionserver.com/dtds/principals.dtd"> <principals> <groups> guests </groups> <users> anonymous </users> </principals> ================================ Can someone tell me what is wrong/incorrect? Thank you! Jeanne